Information for: DEVELOPERS   PARTNERS

Generating an SSH public key

Before you can either connect to your Git code repository or use SSH to sign in to your web server, you must have an SSH private/public key pair. Use the information on this page to help you create a key pair for your use.

Public key requirements

Acquia Cloud requires that your SSH public key is at least 4,096 bits in size.

All websites requiring Payment Card Industry Data Security Standard (PCI DSS) compliance must be in an Acquia PCI DSS-compliant product offering. To meet PCI DSS requirements, all users must use multi-factor authentication for remote access to their PCI DSS environment. When you connect to an Acquia Cloud environment using SSH, you use your SSH key as one authentication factor. To provide a second authentication factor, you must use a passphrase with your SSH key, which you can add when you create your SSH key pair. For more information about PCI compliance with Acquia Cloud, see Compliance with standards and regulations.

Creating a private/public key pair

To generate an SSH private/public key pair for your use, you can either create a key pair in the user interface of Acquia Dev Desktop, or use the ssh-keygen command-line utility.

Using Acquia Dev Desktop for your local application development (free download) provides you with an additional advantage—creation of an SSH private/public key pair for your application by clicking a button.

After you install Acquia Dev Desktop, see Generating an SSH key with Dev Desktop to learn how to create an SSH key pair, and then register your public key with Acquia Cloud.

You can run the ssh-keygen command from the command line to generate an SSH private/public key pair.

Note for Windows users

If you are using Windows, by default you may not have access to the ssh-keygen command. To use this command, install and use one of the following options, based on your Windows version:

To generate an SSH private/public key pair using the ssh-keygen command and then copy the public key to your clipboard for use, complete the following steps:

  1. On your local computer, open a command-prompt window.

  2. Ensure you do not already have a public key saved to your computer. To determine if you already have a saved public key run the following command:

    cd ~/.ssh ls -l
    

    If the directory and key file exist, run the following commands to back up the key id_rsa, as the procedure will overwrite any key named id_rsa in this directory:

    mkdir key_backup
    mv id_rsa* key_backup
    
  3. Run the following command to generate a new public/private key pair:

    ssh-keygen -b 4096
    

    The ssh-keygen command prompts you for the directory to contain the key.

    Generating public/private rsa key pair. Enter file in which to save the
    key (/Users/[user_dir]/.ssh/id_rsa):
    

    Press Enter to accept the default location of /.ssh/id_rsa in your user directory.

    Enter passphrase (empty for no passphrase): [passphrase] Enter same
    passphrase again: [passphrase]
    

    Substitute [passphrase] with your own unique, but memorable, text to encrypt the private key on your computer. Although you can use an empty passphrase, if you do, another user can impersonate you with only a copy of your key file (as there will be no required passphrase for additional confirmation of your identity).

    Important

    Be sure to keep track of the passphrase, because you must enter the passphrase whenever you use the key.

    The ssh-keygen command displays the following output message:

    Generating public/private rsa key pair. Your identification has been saved
    in /Users/[user_dir]/.ssh/id_rsa. Your public key has been saved in
    /Users/[user_dir]/.ssh/id_rsa.pub. The key fingerprint is:
    52:96:e9:c8:06:c2:57:26:6d:ef:2f:0c:d9:81:f4:1c [email protected]
    
  4. Copy the public key to your clipboard using a method available to your operating system:

    • macOS: Run the following command to copy the key from the id_rsa.pub file to your clipboard:

      pbcopy < ~/.ssh/id_rsa.pub
      
    • Any operating system: Using your text editor of choice, open the ~/.ssh/id_rsa.pub file, and then copy the contents of the file manually.

      Note

      Copy the key without adding newlines or whitespace. Additional whitespace in the key can cause Acquia Cloud to not recognize the key, which can then require you to complete the key creation process again.

After you generate your key pair, you can add your new public key to your Acquia user profile in Acquia Cloud.